Microsoft Azure Security Engineer Associate AZ-500 Practice Question
You manage Windows Server VMs in an Azure virtual network that has no inbound NSG rules. Security requires administrators to start RDP sessions from the Azure portal with their Microsoft Entra ID credentials, avoid public IP addresses and keep port 3389 closed, and capture an audit log of every interactive session without installing guest agents. Which Azure capability satisfies all these requirements?
Deploy an Azure Bastion host using the Premium SKU and enable session recording.
Enable Just-in-Time VM access for the virtual machines in Microsoft Defender for Cloud.
Create a private endpoint that exposes port 3389 inside the virtual network and allow traffic only from trusted IP addresses.
Enable the Azure Serial Console feature on each virtual machine.
Azure Bastion Premium enables browser-based RDP (and SSH) over TLS on port 443. Because the Bastion host sits inside the virtual network, VMs do not need public IP addresses and no inbound NSG rule for port 3389 is required. The Premium SKU adds the session-recording feature, which stores every interactive RDP or SSH session in Azure Blob Storage for auditing and does so without deploying agents inside the guest operating system. Just-in-Time VM access temporarily opens port 3389 inbound, violating the network-closure requirement. Azure Serial Console provides only text-based troubleshooting, not full RDP, and is not recorded. Creating a private endpoint for RDP would still expose port 3389 internally and is not supported for standalone VMs in this manner.
Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases